A tool to bruteforce dumains!
Dumb works with a masked dumain for substitution. The dumain can have as many masks as you want as long as you pass the according wordlists. For example:
Using the mask DUMB.dumain.com and the following wordlists:
www
ftp
backoffice
Dumb will generate the following dumains for bruteforce:
www.dumain.com
ftp.dumain.com
backoffice.dumain.com
For subdumains, you can only pass dumain.com and dumb will understand as DUMB.dumain.com.
Using the same principle, you can pass as mask dumain.DUMB with the following wordlist:
com
net
org
Dumb will generate the following dumains for bruteforce:
dumain.com
dumain.net
dumain.org
To bruteforce everything you can pass the mask as "DUMB.DUMB.DUMB" passing three wordlists:
wordlist1 wordlist2 wordlist3
www foo com
ftp bar net
Dumb will generate:
www.foo.com
ftp.foo.com
www.bar.com
ftp.bar.com
www.foo.net
ftp.foo.net
www.bar.net
ftp.bar.net
Dumb receives the dumain mask as first parameter and the wordlists following. The number of wordlists must match the number of masks in the dumain. For example:
- One mask:
$ dumb "DUMB.dumain.com" wordlists/foo.txt - Two masks:
$ dumb "DUMB.dumain.DUMB" wordlists/foo.txt wordlists/bar.txt - Several masks:
$ dumb "DUMB-DUMB-DUMB_DUMB.DUMB.DUMB" wordlists/foo_1.txt ... wordlists/foo_6.txt
If you don't want to build from source, you can use the docker version:
docker run -it giovanifss/dumb "DUMB.dumain.com" subdomains.txt
Also, if you want to test the newest code (beta) with improvements, use:docker run -it giovanifss/dumb:beta "DUMB.dumain.com" subdomains.txt
Note that the beta may be unstable or do not perform well
All the wordlists in wordlists/ are inside the docker container in filesystem root /, this means that you can call dumb passing the wordlists name:
docker run -it giovanifss/dumb "DUMB.dumain.com" (subdomains.txt|subdominios.txt|domain-endings.txt)
To work with local wordlists that aren't present inside the container, you can use docker volumes:
docker run -v local/wordlist.txt:/opt/wordlist.txt -it giovanifss/dumb "DUMB.dumain.com" /opt/wordlist.txt
If you want to build from source you will need stack:
- Enter in the project directory and run
$ stack build. - To execute:
$ stack exec dumb "DUMB.dumain.com" wordlists/subdomains.txt
Note that some older versions of stack have some problems to build the project (Debian stack package, for example). Make sure you get the latest stack version.
Future planned features are:
- Argument parser support, for better configuration of the tool execution;
- Post analysis of found dumains, generating statistics and metrics;
The tool performance will highly depend on your network connection. Usually, it should take less then 10 seconds to finish a subdumain burteforce with the wordlists/subdomains.txt wordlist.
If you have a good connection and think that the tool is slow, try changing the 1000 in the splitDomains function call, e.g. mapM_ (MP.mapM_ (resolve rs)) (splitDomains 1000 allDomains), to a higher value.
Alternatively, you can change mapM_ (MP.mapM_ (resolve rs)) (splitDomains 1000 allDomains) to MP.mapM_ (resolve rs) allDomains to execute all the requests in parallel.